106 lines
2.2 KiB
Django/Jinja
106 lines
2.2 KiB
Django/Jinja
# Nomad 客户端安全配置模板
|
|
datacenter = "dc1"
|
|
data_dir = "/opt/nomad/data"
|
|
plugin_dir = "/opt/nomad/plugins"
|
|
log_level = "INFO"
|
|
name = "{{ inventory_hostname }}"
|
|
|
|
# 安全绑定 - 只绑定到 Tailscale 接口
|
|
{% if inventory_hostname == 'influxdb' %}
|
|
bind_addr = "influxdb1.tailnet-68f9.ts.net"
|
|
|
|
addresses {
|
|
http = "influxdb1.tailnet-68f9.ts.net"
|
|
rpc = "influxdb1.tailnet-68f9.ts.net"
|
|
serf = "influxdb1.tailnet-68f9.ts.net"
|
|
}
|
|
|
|
advertise {
|
|
http = "influxdb1.tailnet-68f9.ts.net:4646"
|
|
rpc = "influxdb1.tailnet-68f9.ts.net:4647"
|
|
serf = "influxdb1.tailnet-68f9.ts.net:4648"
|
|
}
|
|
{% else %}
|
|
bind_addr = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
|
|
|
|
addresses {
|
|
http = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
|
|
rpc = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
|
|
serf = "{{ inventory_hostname }}.tailnet-68f9.ts.net"
|
|
}
|
|
|
|
advertise {
|
|
http = "{{ inventory_hostname }}.tailnet-68f9.ts.net:4646"
|
|
rpc = "{{ inventory_hostname }}.tailnet-68f9.ts.net:4647"
|
|
serf = "{{ inventory_hostname }}.tailnet-68f9.ts.net:4648"
|
|
}
|
|
{% endif %}
|
|
|
|
ports {
|
|
http = 4646
|
|
rpc = 4647
|
|
serf = 4648
|
|
}
|
|
|
|
# 纯客户端模式
|
|
server {
|
|
enabled = false
|
|
}
|
|
|
|
client {
|
|
enabled = true
|
|
network_interface = "tailscale0"
|
|
|
|
# 连接到当前活跃的服务器节点
|
|
servers = [
|
|
"ch2.tailnet-68f9.ts.net:4647",
|
|
"ch3.tailnet-68f9.ts.net:4647",
|
|
"de.tailnet-68f9.ts.net:4647",
|
|
"semaphore.tailnet-68f9.ts.net:4647"
|
|
]
|
|
|
|
# 基本驱动
|
|
options {
|
|
"driver.raw_exec.enable" = "1"
|
|
"driver.exec.enable" = "1"
|
|
}
|
|
|
|
# 激进的垃圾清理策略
|
|
gc_interval = "5m"
|
|
gc_disk_usage_threshold = 80
|
|
gc_inode_usage_threshold = 70
|
|
}
|
|
|
|
# Podman 插件配置
|
|
plugin "nomad-driver-podman" {
|
|
config {
|
|
socket_path = "unix:///run/podman/podman.sock"
|
|
volumes {
|
|
enabled = true
|
|
}
|
|
}
|
|
}
|
|
|
|
# 安全的 Consul 配置 - 指向本地客户端
|
|
consul {
|
|
address = "127.0.0.1:8500"
|
|
server_service_name = "nomad"
|
|
client_service_name = "nomad-client"
|
|
auto_advertise = true
|
|
server_auto_join = true
|
|
client_auto_join = true
|
|
}
|
|
|
|
# 禁用 Vault - 暂时
|
|
vault {
|
|
enabled = false
|
|
}
|
|
|
|
# 遥测配置
|
|
telemetry {
|
|
collection_interval = "1s"
|
|
disable_hostname = false
|
|
prometheus_metrics = true
|
|
publish_allocation_metrics = true
|
|
publish_node_metrics = true
|
|
} |